Valentine’s Day — the cybercrook’s favourite

Every year malware creators milk poor Valentine’s Day by sending out cute emails packed with vicious malware to unsuspecting users. Obviously it keeps on working — that’s why they keep on doing it. Below, Oscar Cavada from PandaLabs profiles a worm doing the rounds:

There are only 4 days left until Saint Valentine’s Day, and this special date is being used again by the worm Waledac to spread itself.

The last variant that uses this romantic subject to spread is W32/Waledac.J.worm.

The email messages that are being used for its distribution contain a link which points to a malicious website like the following:

We have found the following malicious domains (be careful) from which the worm is downloaded:

The filenames used by the worm are variable, but they are usually related to love. We have found the following:
run.exe, ecard.exe, programm.exe, lovekit.exe, runme.exe, start.exe, loveexe.exe, save.exe…

Only 8.4% of email reaching companies is legitimate

Only 8.4% of emails that reach companies are legitimate. Some 89.88% of messages are spam, while 1.11% are infected with malware. This data has been compiled after the analysis of 430 million email messages last year by TrustLayer Mail, the clean mail managed service from Panda Security, the global IT security vendor.

Only January witnessed levels of spam below 80%. During the rest of the year, the amount of spam fluctuated, peaking in the second quarter at 94.27%.

“With respect to infected messages, the Netsky.P worm was the most frequently detected malicious code,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “This type of malware activates automatically when users view the infected message through the Microsoft Outlook preview pane. It does this by exploiting a vulnerability in Internet Explorer that allows automatic execution of email attachments.”

“The fact that these two malicious codes often act in unison explains the high number of detections of both,” said Matthews. “Cyber crooks often launch several strains of malware with each exploit to increase the chances of infection, so even if users whose systems are up-to-date are immune to the exploit, they could still fall victim to infection by the worm if they run the attachment.”

The Rukap.G backdoor Trojan, designed to allow attackers to take control of a computer, and the Dadobra.Bl Trojan were also among the most prevalent malicious code.

“For companies, spam is more than just a nuisance: It consumes bandwidth, wastes employees’ time and can even cause system malfunctions. In the end, it all results in a loss of productivity,” concluded Matthews.

Much of this spam was circulated by the extensive network of zombie computers controlled by cyber-crooks. A zombie is a computer infected by a bot, a type of malware allowing cyber criminals to control infected systems. Frequently, these computers are used as a network to drive malicious actions such as the sending of spam. Just in the last three months of the year, 301,000 zombie computers were being put into action every day.

The subject of spam

With respect to the different types of spam in circulation, 32.25% of spam in 2008 was related to pharmaceutical products, with sexual performance enhancers accounting for 20.5%.

Spam relating to the economic situation also grew significantly throughout 2008. False job offers and fraudulent diplomas accounted for 2.75% of all junk mail in the year, while messages promoting mortgages and fake loans were responsible for 4.75%.

Spam promoting fake brand products was responsible for 16.75% of the total. This last category, nevertheless, dropped from 21% in the first half of the year to 12.5% in the last six months.